John McAfee: As the dark Web bubbles up to the mainstream, hacking just got easier

Backlit Keyboard
John McAfee is one of the most influential commentators on cybersecurity anywhere in the world. His new venture — Future Tense Central — focuses on security and personal privacy-related products. McAfee provides regular insight on global hacking scandals and internet surveillance, and has become a hugely controversial figure following his time in Belize, where he claims to have exposed corruption at the highest level before fleeing the country amid accusations of murder (the Belize government is currently not pursuing any accusations against him).

Co-author Rob Loggia is a white hat hacker and has worked with McAfee doing research and data collection for as far back as McAfee can remember.

The percentage of the population that has some form of tech savvy is higher than it has ever been. Many 21st century grandmothers know how to tweet using their iPhones and they no longer makes a funny face when told to “Google” something. Progress. And our level of dependence on computer systems in business and industry is complete. Computers are everywhere, and they now power the infrastructure and processes that make everything go. And the more we come to depend on these systems, the higher the stakes when someone tries to harm us by hacking them.

Behind the Internet of networked computers that everyone sees and uses on a daily basis lies another, deeper realm that can be collectively termed the Internet Underground. This underground consists of the deep web and the dark web. The deep web is the collection of information that is available on networked computers, but is not indexed by search engines and other typical data-retrieval tools. The dark web consists of overlay networks that use the same infrastructure as the public web, but require special tools and knowledge to access. Both lay beyond the casual reach of the typical Internet user.

Hacker playground

The Internet Underground represents a playground for hackers. Here can be found troves of information, never intended to be publicly shared,  that can be used to create havoc in the physical world. It also contains a wealth of information that can be used to gain even more sensitive data from private networks and computers – information that fuels the attack vector for most successful hacking attempts.

John McAfee
John McAfee

A look at the world’s worst hacks reveals a common pattern: Most were not accomplished by using sophisticated hacking tools or brute force attacks on security mechanisms. Consider one of the worst of these – the 2012 attack on Saudi Aramco, one of the world’s largest oil companies. Within hours, nearly 35,000 distinct computer systems had their functionality crippled or destroyed, causing a massive disruption to the world’s oil supply chain. It was made possible by an employee that was fooled into clicking a bogus link sent in an email. This is social engineering.

In fact 90 percent of hacking is social engineering. We – the user – are the weakest link in the chain of computing trust, imperfect by nature. And all of the security software and hardware in the world will not keep a door shut if an authorized user can be convinced to open it.

Good news

The good news is that there are patterns that we can look at and, in some cases, use to predict where the next attack may fall. Experienced hackers don’t concern themselves much with your firewalls, anti-spyware software, anti-virus software, encryption technology, etc. They want to identify human weakness. If they’re targeting a company, they might examine whether management personnel are frequently shuffled; whether employees are dissatisfied; whether nepotism is tolerated; whether IT managers have stagnated in their training and self improvement. They want to know what level of transparency exists within the corporation and how bloated the chain of command is. In short – they want to know how healthy and nimble the organization is.

Information wants to be free; like water it will flow freely once released from its container.

While anyone is susceptible to an attack at any time, hackers, like anyone else, will tend to go after the low-hanging fruit. Why go after a tightly-knit organization of competent, satisfied professionals supported by a stable IT staff unless there is a tremendous and unique payoff promised? There would be greater risk involved, and the chances of success would be low. Instead they will target an organization with identified human and structural problems.

To make this identification, hackers have traditionally turned to the Internet Underground. But recently it has started to become even easier. The Internet Underground is beginning to spill over into the mainstream web. Shocking types of information that used to be available only for a price on the dark web can now be found using simple Web searches or mobile apps. And found by anyone. While some of this information may seem innocuous to the untrained eye, the fact is that much of it is manna falling from hacker heaven.

Time to reflect

What this means is that protecting systems and networks against successful attack just got harder, and will require us to take a good look at ourselves and our organizations. IT professionals are accustomed to securing hardware and software. But how well do you know the human side of your technology? Is there information about your organization or your personal life out there, right now, migrating out of the Internet Underground to appear in simple web searches? Does this information make you, your family, or your organization an attractive target?

Answering these questions honestly and taking the time to find out for ourselves what information is already available about us needs to become required best practices for security. We are accustomed to securing systems and networks against sophisticated teams of hackers. But information wants to be free; like water it will flow freely once released from its container. Are you prepared for a world where grandma or anyone else can quickly obtain, on the wide open Web, all of the necessary information for a social-engineering hack? Are you prepared?

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Emerging Tech

Awesome Tech You Can’t Buy Yet: Hi-viz bike reflectors and a tiny flashlight

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!

Google Chrome’s Progressive Web Apps will soon play nicer with Windows 10

Google is adding a capability to the Chrome browser in an upcoming release that will integrate its Progressive Web Apps with notification badges in the system taskbar in Windows 10.

File Transfer Protocol explained: What FTP is and what it does

FTP stands for "File Transfer Protocol," and it's used to transfer files online. Most internet users don't need it, but web developers use it constantly. Here's what FTP is, how it works, and how you can get started using it.

The web has grown up, but browsers haven’t. It’s time for a reboot

The web has changed a lot over the years, and so has the way we use it. The thing that hasn’t changed? The web browser, the tool every one of us depends on. Here's why it's well past time for new ideas.

The Teslasuit could turn Black Mirror’s terrifying ‘Playtest’ into a reality

We spoke with Teslasuit co-founder Dimitri Mikhalchuk about VR gaming at CES 2019. With all its features, the future of the Teslasuit and virtual reality look bright. And it also sounds a bit like a Black Mirror episode.
Home Theater

Sony’s 360 Reality Audio is the epic sound revolution you didn’t know you needed

After Sony’s utterly bizarre press conference, I almost missed what was perhaps the most impactful sonic experience at the show. Luckily, I went back to Sony’s booth on the last day of the show, only to have my mind blown.

Netflix’s latest price increase heralds the end of streaming’s golden age

Netflix’s recent price rise is just the latest in a string of signs that streaming’s golden age is nearly over. As more services enter the fray, content will be further partitioned, signaling the end of streaming’s good old days.

AT&T jumps the gun with deliberately misleading 5GE launch

As excitement about 5G networks continues to build, AT&T jumps the gun with a ridiculous and deliberate attempt to deceive the public with 5G Evolution – a speed bump that’s based on improvements to 4G tech.

Netflix’s rate hike is a good thing. Wait, wait, hear us out

Upset at Netflix for raising its rates? We don't blame you. Nobody likes to pay more for anything -- even if they love that thing. But you really should be thanking the streaming entertainment giant. The hike in prices is a necessary and…

Bezel-less phones are terrible for typing on, and it’s only going to get worse

Bezel-less smartphone screens look great, and foldable smartphones are an exciting part of the mobile future; but we don't like where the typing experience is heading because of these two trends.

Blizzard's dismal updates to 'Diablo 3' make 'Path of Exile' the better option

'Diablo 3' season 16, the 'Season of Grandeur,' is live. It attempts to shake up the stale meta-game with a minor tweak, but it falls far short of what fans of the franchise want. Better games like 'Path of Exile' are eating Blizzard's…

A wearable may save your life, thanks to A.I. and big data. Here’s how

Wearables are morphing from devices that send you smartphone notifications and track your fitness into gadgets that can monitor your health -- and maybe even save your life.

'Wargroove' is a delightful tactics game that lets you recruit cute armored pups

Wargroove is a fantastical Advance Wars successor with beautiful pixelated visuals and rewarding grid-based combat. In addition to a meaty campaign, Wargroove has an intuitive map editor that lets you create robust campaigns of your own.
Smart Home

Will everything from lamps to fridges be spying on me? Yes, and I’m creeped out

With the debut of Panasonic’s HomeHawk lamp with built-in video camera, should we be concerned that everything -- from couches to dishwashers -- could soon be spying on us? Here’s why the answer to that question is yes.